How to use your own proxy certificate (On-Premise)


By default, Teramind injects a web proxy certificate into websites to monitor encrypted/HTTPS traffic. This certificate is signed by our root certificate Quick Web Proxy, which acts as the Certificate Authority (CA) for the domain’s certificate. The root Quick Web Proxy certificate and the domain certificates are each generated only once (on the first successful connection to a domain).

From Windows Agent 15.0, it's possible to use your own root CA certificate instead of Teramind's default Quick Web Proxy certificate.

Follow the instructions below to configure your own certificate and private key.

Step 1: Make Changes to the Database Table

In your database admin tool (e.g., pgAdmin), open the kv_store table located inside tm_onsite > public. Add/insert the following keys and values into the table:

| Key | Description | Example Value |
|---|---|---|
| ca_root.pkey_pass | Private key passphrase | 123456 |
| Option 1*: | | |
| ca_root.cert_path | Full path to the certificate (see Step 2) | C:/certs/cert.pem |
| ca_root.pkey_path | Full path to the private key (see Step 2) | C:/certs/key.pem |
| Option 2*: | | |
| ca_root.cert_data | Certificate data | -----BEGIN CERTIFICATE----- |
| ca_root.pkey_data | Private key data | -----BEGIN CERTIFICATE----- |

*If you use Option 1 then you don't need to use Option 2 or vice versa.

The Server cannot validate these values. It's up to you to ensure that the values you enter are correct and that the corresponding paths/files are present. If the Agent receives empty or invalid certificate data from the server, it will use the default Quick Web Proxy certificate.
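
Because the Server does not validate these values, the rows can be checked before they are inserted. The following Python check is an added example, not Teramind code: the function names and the rule that mixing Option 1 and Option 2 is flagged are assumptions, and it verifies only path form and PEM shape (labels, base64 body, passphrase presence), not whether the key actually matches the certificate.

```python
import base64
import re
from pathlib import PureWindowsPath

# One PEM block: BEGIN line, optional legacy "Proc-Type:"/"DEK-Info:" headers, base64 body, END line.
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def pem_blocks(text):
    """Return [(label, encrypted)] for each well-formed PEM block in text."""
    found = []
    for label, body in PEM_RE.findall(text or ""):
        b64 = "".join(ln.strip() for ln in body.splitlines() if ":" not in ln)
        try:
            decoded = base64.b64decode(b64, validate=True)
        except ValueError:
            continue  # body is not valid base64, so the block is ignored
        if decoded:
            found.append((label, label == "ENCRYPTED PRIVATE KEY" or "Proc-Type: 4,ENCRYPTED" in body))
    return found

def check_rows(rows):
    """rows maps ca_root.* keys to values; returns a list of problems found."""
    problems = []
    opt1 = [k for k in ("ca_root.cert_path", "ca_root.pkey_path") if rows.get(k)]
    opt2 = [k for k in ("ca_root.cert_data", "ca_root.pkey_data") if rows.get(k)]
    if opt1 and opt2:  # assumption: mixing the two options is a mistake
        problems.append("Option 1 and Option 2 keys are both set")
    if len(opt1) == 1 or len(opt2) == 1:
        problems.append("certificate and private key must be set together")
    for k in opt1:
        if not PureWindowsPath(rows[k]).is_absolute():
            problems.append(f"{k} is not a full Windows path")
    if len(opt2) == 2:
        if not any(l == "CERTIFICATE" for l, _ in pem_blocks(rows["ca_root.cert_data"])):
            problems.append("ca_root.cert_data has no CERTIFICATE block")
        keys = [e for l, e in pem_blocks(rows["ca_root.pkey_data"]) if l.endswith("PRIVATE KEY")]
        if not keys:
            problems.append("ca_root.pkey_data has no PRIVATE KEY block")
        elif keys[0] and not rows.get("ca_root.pkey_pass"):
            problems.append("key is encrypted but ca_root.pkey_pass is empty")
    return problems

def sample_pem(label, payload=b"constructed placeholder, not real DER"):
    """Constructed sample input: right PEM shape, meaningless contents."""
    return f"-----BEGIN {label}-----\n{base64.b64encode(payload).decode()}\n-----END {label}-----\n"

if __name__ == "__main__":
    print(check_rows({"ca_root.cert_data": sample_pem("CERTIFICATE"),
                      "ca_root.pkey_data": sample_pem("CERTIFICATE")}))
```

An empty result means the rows are well-formed; confirming that the passphrase decrypts the key and that the key belongs to the certificate still requires a cryptographic check with your usual certificate tooling.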

Step 2: Copy the Necessary Files (optional)

If you used Option 2 from the table in Step 1, then you don't have to follow this step.

If you used Option 1 from the table above, first create a folder on the target computer/endpoint, for example, C:\certs. Then copy the corresponding certificate and private key (.pem files) into that folder.

Step 3: Restart the Server

Restart the server using the following command:

sudo systemctl restart Teramind